diff --git a/android_webview/BUILD.gn b/android_webview/BUILD.gn index 21e5a8c82d5c58..6e539cceb0e828 100644 --- a/android_webview/BUILD.gn +++ b/android_webview/BUILD.gn @@ -568,8 +568,6 @@ android_library("browser_java") { "java/src/org/chromium/android_webview/AwHttpAuthHandler.java", "java/src/org/chromium/android_webview/AwLayoutSizer.java", "java/src/org/chromium/android_webview/AwNetworkChangeNotifierRegistrationPolicy.java", - "java/src/org/chromium/android_webview/AwOriginVerificationScheduler.java", - "java/src/org/chromium/android_webview/AwOriginVerifier.java", "java/src/org/chromium/android_webview/AwPacProcessor.java", "java/src/org/chromium/android_webview/AwPdfExporter.java", "java/src/org/chromium/android_webview/AwPrintDocumentAdapter.java", @@ -585,7 +583,6 @@ android_library("browser_java") { "java/src/org/chromium/android_webview/AwSupportLibIsomorphic.java", "java/src/org/chromium/android_webview/AwThreadUtils.java", "java/src/org/chromium/android_webview/AwTracingController.java", - "java/src/org/chromium/android_webview/AwVerificationResultStore.java", "java/src/org/chromium/android_webview/AwViewAndroidDelegate.java", "java/src/org/chromium/android_webview/AwViewMethods.java", "java/src/org/chromium/android_webview/AwWebContentsDelegate.java", @@ -665,7 +662,6 @@ android_library("browser_java") { "//components/content_capture/android:java", "//components/crash/android:handler_java", "//components/crash/android:java", - "//components/digital_asset_links/android:java", "//components/embedder_support/android:util_java", "//components/embedder_support/android:web_contents_delegate_java", "//components/embedder_support/android/metrics:java", diff --git a/android_webview/browser/aw_contents_io_thread_client.cc b/android_webview/browser/aw_contents_io_thread_client.cc index 2b0b68a5c807f3..97a11fc8e959f2 100644 --- a/android_webview/browser/aw_contents_io_thread_client.cc +++ b/android_webview/browser/aw_contents_io_thread_client.cc @@ -388,24 +388,6 @@ std::unique_ptr RunShouldInterceptRequest( return web_resource_intercept_response; } -bool RunShouldBlockRequest(AwWebResourceRequest request, - JavaObjectWeakGlobalRef ref) { - if (!request.is_outermost_main_frame) { - return false; - } - - JNIEnv* env = AttachCurrentThread(); - base::android::ScopedJavaLocalRef obj = ref.get(env); - if (!obj) { - return true; - } - AwWebResourceRequest::AwJavaWebResourceRequest java_web_resource_request; - AwWebResourceRequest::ConvertToJava(env, request, &java_web_resource_request); - - return Java_AwContentsBackgroundThreadClient_shouldBlockRequestFromNative( - env, obj, java_web_resource_request.jurl); -} - } // namespace void AwContentsIoThreadClient::ShouldInterceptRequestAsync( @@ -429,23 +411,6 @@ void AwContentsIoThreadClient::ShouldInterceptRequestAsync( FROM_HERE, std::move(get_response), std::move(callback)); } -bool AwContentsIoThreadClient::ShouldBlockRequest( - AwWebResourceRequest request) { - DCHECK_CURRENTLY_ON(BrowserThread::IO); - JNIEnv* env = AttachCurrentThread(); - if (!bg_thread_client_object_) { - bg_thread_client_object_.Reset( - Java_AwContentsIoThreadClient_getBackgroundThreadClient(env, - java_object_)); - } - if (bg_thread_client_object_) { - return RunShouldBlockRequest( - request, JavaObjectWeakGlobalRef(env, bg_thread_client_object_.obj())); - } - // Block request if validation did not run. - return true; -} - bool AwContentsIoThreadClient::ShouldBlockContentUrls() const { DCHECK_CURRENTLY_ON(BrowserThread::IO); diff --git a/android_webview/browser/aw_contents_io_thread_client.h b/android_webview/browser/aw_contents_io_thread_client.h index 410c7c60c4ce79..61b6f3fed5b589 100644 --- a/android_webview/browser/aw_contents_io_thread_client.h +++ b/android_webview/browser/aw_contents_io_thread_client.h @@ -108,9 +108,6 @@ class AwContentsIoThreadClient { AwWebResourceRequest request, ShouldInterceptRequestResponseCallback callback); - // Check if the request should be blocked based on web content ownership. - bool ShouldBlockRequest(AwWebResourceRequest request); - // Retrieve the AllowContentAccess setting value of this AwContents. // This method is called on the IO thread only. bool ShouldBlockContentUrls() const; diff --git a/android_webview/browser/aw_feature_list.cc b/android_webview/browser/aw_feature_list.cc index ec15fe36f3aab8..4e83c8a40b4ed1 100644 --- a/android_webview/browser/aw_feature_list.cc +++ b/android_webview/browser/aw_feature_list.cc @@ -32,7 +32,6 @@ const base::Feature* const kFeaturesExposedToJava[] = { &features::kWebViewUseMetricsUploadService, &features::kWebViewXRequestedWithHeaderControl, &features::kWebViewXRequestedWithHeaderManifestAllowList, - &features::kWebViewRestrictThirdPartyContent, }; const base::Feature* FindFeatureExposedToJava(const std::string& feature_name) { diff --git a/android_webview/browser/network_service/aw_proxying_url_loader_factory.cc b/android_webview/browser/network_service/aw_proxying_url_loader_factory.cc index 816b4480ce58d1..4d216a6d20cbef 100644 --- a/android_webview/browser/network_service/aw_proxying_url_loader_factory.cc +++ b/android_webview/browser/network_service/aw_proxying_url_loader_factory.cc @@ -405,13 +405,6 @@ void InterceptedRequest::Restart() { request_.referrer.spec()); } - if (io_thread_client->ShouldBlockRequest(AwWebResourceRequest(request_))) { - // TODO(swestphal): Show alternative UI to inform the user about blocked - // third party web content. - SendErrorAndCompleteImmediately(net::ERR_ACCESS_DENIED); - return; - } - base::RepeatingClosure arg_ready_closure; // Pointer lifetime is tied to |arg_ready_closure|. InterceptResponseReceivedArgs* intercept_response_received_args; diff --git a/android_webview/common/aw_features.cc b/android_webview/common/aw_features.cc index b63d50d538efc2..1a7d8809c928bc 100644 --- a/android_webview/common/aw_features.cc +++ b/android_webview/common/aw_features.cc @@ -103,12 +103,6 @@ BASE_FEATURE(kWebViewRecordAppDataDirectorySize, "WebViewRecordAppDataDirectorySize", base::FEATURE_DISABLED_BY_DEFAULT); -// Flag to restrict main frame Web Content to verified web content. Verification -// happens via Digital Asset Links. -BASE_FEATURE(kWebViewRestrictThirdPartyContent, - "WebViewRestrictThirdPartyContent", - base::FEATURE_DISABLED_BY_DEFAULT); - // Disallows window.{alert, prompt, confirm} if triggered inside a subframe that // is not same origin with the main frame. BASE_FEATURE(kWebViewSuppressDifferentOriginSubframeJSDialogs, diff --git a/android_webview/common/aw_features.h b/android_webview/common/aw_features.h index a30ecaa3b86fd2..40c05e4b6e2c9a 100644 --- a/android_webview/common/aw_features.h +++ b/android_webview/common/aw_features.h @@ -32,7 +32,6 @@ BASE_DECLARE_FEATURE(kWebViewMeasureScreenCoverage); BASE_DECLARE_FEATURE(kWebViewMixedContentAutoupgrades); BASE_DECLARE_FEATURE(kWebViewOriginTrials); BASE_DECLARE_FEATURE(kWebViewRecordAppDataDirectorySize); -BASE_DECLARE_FEATURE(kWebViewRestrictThirdPartyContent); BASE_DECLARE_FEATURE(kWebViewSuppressDifferentOriginSubframeJSDialogs); BASE_DECLARE_FEATURE(kWebViewTestFeature); BASE_DECLARE_FEATURE(kWebViewUseMetricsUploadService); diff --git a/android_webview/glue/java/src/com/android/webview/chromium/WebViewChromiumAwInit.java b/android_webview/glue/java/src/com/android/webview/chromium/WebViewChromiumAwInit.java index fce0d4e3a477b3..c0ed93e49f4cd2 100644 --- a/android_webview/glue/java/src/com/android/webview/chromium/WebViewChromiumAwInit.java +++ b/android_webview/glue/java/src/com/android/webview/chromium/WebViewChromiumAwInit.java @@ -26,10 +26,8 @@ import org.chromium.android_webview.AwContentsStatics; import org.chromium.android_webview.AwCookieManager; import org.chromium.android_webview.AwDarkMode; -import org.chromium.android_webview.AwFeatureList; import org.chromium.android_webview.AwLocaleConfig; import org.chromium.android_webview.AwNetworkChangeNotifierRegistrationPolicy; -import org.chromium.android_webview.AwOriginVerificationScheduler; import org.chromium.android_webview.AwProxyController; import org.chromium.android_webview.AwServiceWorkerController; import org.chromium.android_webview.AwThreadUtils; @@ -38,7 +36,6 @@ import org.chromium.android_webview.ProductConfig; import org.chromium.android_webview.R; import org.chromium.android_webview.WebViewChromiumRunQueue; -import org.chromium.android_webview.common.AwFeatures; import org.chromium.android_webview.common.AwResource; import org.chromium.android_webview.common.AwSwitches; import org.chromium.android_webview.gfx.AwDrawFnImpl; @@ -232,10 +229,6 @@ protected void startChromiumLocked() { mFactory, awBrowserContext.getGeolocationPermissions()); mWebStorage = new WebStorageAdapter(mFactory, mBrowserContext.getQuotaManagerBridge()); - if (AwFeatureList.isEnabled(AwFeatures.WEBVIEW_RESTRICT_THIRD_PARTY_CONTENT)) { - AwOriginVerificationScheduler.initAndScheduleAll( - context.getPackageName(), context, awBrowserContext, null); - } mAwTracingController = getTracingController(); mServiceWorkerController = awBrowserContext.getServiceWorkerController(); mAwProxyController = new AwProxyController(); diff --git a/android_webview/java/DEPS b/android_webview/java/DEPS index 957fabd8e12d3b..c07fb347da5570 100644 --- a/android_webview/java/DEPS +++ b/android_webview/java/DEPS @@ -1,6 +1,5 @@ include_rules = [ "+components/autofill/android/java", - "+components/digital_asset_links/android/java", "+components/embedder_support/android/java", "+components/embedder_support/android/metrics/java", "+components/navigation_interception/android/java", diff --git a/android_webview/java/src/org/chromium/android_webview/AwContents.java b/android_webview/java/src/org/chromium/android_webview/AwContents.java index 06b0757ef32771..34ea7f9bafd44f 100644 --- a/android_webview/java/src/org/chromium/android_webview/AwContents.java +++ b/android_webview/java/src/org/chromium/android_webview/AwContents.java @@ -137,9 +137,6 @@ import java.util.Map; import java.util.WeakHashMap; import java.util.concurrent.Callable; -import java.util.concurrent.CountDownLatch; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.atomic.AtomicBoolean; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -682,39 +679,6 @@ public WebResourceResponseInfo shouldInterceptRequest( } return webResourceResponseInfo; } - - @Override - public boolean shouldBlockRequest(String url) { - if (!AwFeatureList.isEnabled(AwFeatures.WEBVIEW_RESTRICT_THIRD_PARTY_CONTENT)) { - return false; - } - // TODO(1376958): Implement a URLLoaderThrottle to not block the IO thread before - // enabling the feature. - - CountDownLatch countDownLatch = new CountDownLatch(1); - AtomicBoolean verified = new AtomicBoolean(false); - - // Verifications are scheduled when WebView is initialized, so when this is called, the - // verification is likely finished here. - if (AwOriginVerificationScheduler.getInstance().getOriginVerifier().checkForSavedResult( - url)) { - return false; - } - - AwThreadUtils.postToUiThreadLooper(() -> { - AwOriginVerificationScheduler.getInstance().verify( - url, mBrowserContext, (result) -> { - verified.set(result); - countDownLatch.countDown(); - }); - }); - try { - countDownLatch.await(10, TimeUnit.SECONDS); - } catch (InterruptedException e) { - // Returning the default value as no successful verification was performed. - } - return !verified.get(); - } } //-------------------------------------------------------------------------------------------- diff --git a/android_webview/java/src/org/chromium/android_webview/AwContentsBackgroundThreadClient.java b/android_webview/java/src/org/chromium/android_webview/AwContentsBackgroundThreadClient.java index 8c43f94691c15b..121556e3b644c3 100644 --- a/android_webview/java/src/org/chromium/android_webview/AwContentsBackgroundThreadClient.java +++ b/android_webview/java/src/org/chromium/android_webview/AwContentsBackgroundThreadClient.java @@ -22,8 +22,6 @@ public abstract class AwContentsBackgroundThreadClient { public abstract WebResourceResponseInfo shouldInterceptRequest( AwContentsClient.AwWebResourceRequest request); - public abstract boolean shouldBlockRequest(String url); - // Protected methods --------------------------------------------------------------------------- @NonNull @@ -49,9 +47,4 @@ private AwWebResourceInterceptResponse shouldInterceptRequestFromNative(String u return new AwWebResourceInterceptResponse(null, /*raisedException=*/true); } } - - @CalledByNative - private boolean shouldBlockRequestFromNative(String url) { - return shouldBlockRequest(url); - } } diff --git a/android_webview/java/src/org/chromium/android_webview/AwOriginVerificationScheduler.java b/android_webview/java/src/org/chromium/android_webview/AwOriginVerificationScheduler.java deleted file mode 100644 index 55310d97036cf2..00000000000000 --- a/android_webview/java/src/org/chromium/android_webview/AwOriginVerificationScheduler.java +++ /dev/null @@ -1,75 +0,0 @@ -// Copyright 2022 The Chromium Authors -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -package org.chromium.android_webview; - -import android.content.Context; - -import androidx.annotation.Nullable; - -import org.chromium.base.Callback; -import org.chromium.base.ThreadUtils; -import org.chromium.components.digital_asset_links.OriginVerificationScheduler; -import org.chromium.components.digital_asset_links.OriginVerifier; -import org.chromium.components.digital_asset_links.OriginVerifierHelper; -import org.chromium.components.embedder_support.util.Origin; - -import java.util.Set; - -/** - * Singleton. - * AwOriginVerificationScheduler provides a WebView specific implementation of {@link - * OriginVerificationScheduler}. - * - * Call {@link AwOriginVerificationScheduler#init} to initialize the statement list and call - * {@link AwOriginVerificationScheduler#validate} to perform a validation. - */ -public class AwOriginVerificationScheduler extends OriginVerificationScheduler { - private static final String TAG = "AwOriginVerification"; - - /** Lock on creation of sInstance. */ - private static final Object sLock = new Object(); - - private static AwOriginVerificationScheduler sInstance; - - private AwOriginVerificationScheduler( - AwOriginVerifier originVerifier, Set pendingOrigins) { - super(originVerifier, pendingOrigins); - } - - /** - * Initializes the AwOriginVerificationScheduler. - * This should be called exactly only once as it parses the AndroidManifest and statement list. - * - * @param packageName the package name of the host application. - * @param context a context associated with an Activity/Service to load resources. - */ - public static void init(String packageName, Context context) { - ThreadUtils.assertOnUiThread(); - synchronized (sLock) { - assert sInstance - == null - : "`init(String packageName, Context context)` must only be called once"; - - sInstance = new AwOriginVerificationScheduler( - new AwOriginVerifier(packageName, OriginVerifier.HANDLE_ALL_URLS, - AwVerificationResultStore.getInstance()), - OriginVerifierHelper.getClaimedOriginsFromManifest(packageName, context)); - } - } - - public static void initAndScheduleAll(String packageName, Context context, - AwBrowserContext browserContext, @Nullable Callback callback) { - init(packageName, context); - synchronized (sLock) { - sInstance.scheduleAllPendingVerifications(browserContext, callback); - } - } - - public static AwOriginVerificationScheduler getInstance() { - synchronized (sLock) { - return sInstance; - } - } -} diff --git a/android_webview/java/src/org/chromium/android_webview/AwOriginVerifier.java b/android_webview/java/src/org/chromium/android_webview/AwOriginVerifier.java deleted file mode 100644 index 47452dd8f2fd48..00000000000000 --- a/android_webview/java/src/org/chromium/android_webview/AwOriginVerifier.java +++ /dev/null @@ -1,62 +0,0 @@ -// Copyright 2022 The Chromium Authors -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -package org.chromium.android_webview; - -import androidx.annotation.Nullable; - -import org.chromium.components.digital_asset_links.OriginVerifier; -import org.chromium.components.digital_asset_links.Relationship; -import org.chromium.components.embedder_support.util.Origin; - -import java.util.List; - -/** - * AwOriginVerifier performs OriginVerifications for WebView. - */ -public class AwOriginVerifier extends OriginVerifier { - public AwOriginVerifier(String packageName, String relationship, - @Nullable AwVerificationResultStore verificationResultStore) { - super(packageName, relationship, null, verificationResultStore); - } - - @Override - public boolean isAllowlisted(String packageName, Origin origin, String relation) { - return false; - } - - @Override - public boolean wasPreviouslyVerified(Origin origin) { - return wasPreviouslyVerified(mPackageName, mSignatureFingerprints, origin, mRelation); - } - - /** - * Returns whether an origin is first-party relative to a given package name. - * - * This only returns data from previously cached relations, and does not trigger an asynchronous - * validation. - * - * @param packageName The package name. - * @param signatureFingerprint The signatures of the package. - * @param origin The origin to verify. - * @param relation The Digital Asset Links relation to verify for. - */ - private static boolean wasPreviouslyVerified(String packageName, - List signatureFingerprints, Origin origin, String relation) { - AwVerificationResultStore resultStore = AwVerificationResultStore.getInstance(); - return resultStore.shouldOverride(packageName, origin, relation) - || resultStore.isRelationshipSaved( - new Relationship(packageName, signatureFingerprints, origin, relation)); - } - - @Override - public void recordResultMetrics(OriginVerifier.VerifierResult result) { - // TODO(crbug.com/1376958): Implement UMA logging. - } - - @Override - public void recordVerificationTimeMetrics(long duration, boolean online) { - // TODO(crbug.com/1376958): Implement UMA logging. - } -} diff --git a/android_webview/java/src/org/chromium/android_webview/AwServiceWorkerController.java b/android_webview/java/src/org/chromium/android_webview/AwServiceWorkerController.java index 52e42c22e1f5aa..f6c4cd5de9c62a 100644 --- a/android_webview/java/src/org/chromium/android_webview/AwServiceWorkerController.java +++ b/android_webview/java/src/org/chromium/android_webview/AwServiceWorkerController.java @@ -10,15 +10,10 @@ import androidx.annotation.NonNull; import androidx.annotation.Nullable; -import org.chromium.android_webview.common.AwFeatures; import org.chromium.android_webview.safe_browsing.AwSafeBrowsingConfigHelper; import org.chromium.build.annotations.DoNotInline; import org.chromium.components.embedder_support.util.WebResourceResponseInfo; -import java.util.concurrent.CountDownLatch; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.atomic.AtomicBoolean; - /** * Manages clients and settings for Service Workers. */ @@ -123,35 +118,5 @@ public WebResourceResponseInfo shouldInterceptRequest( : null; } } - @Override - public boolean shouldBlockRequest(String url) { - if (!AwFeatureList.isEnabled(AwFeatures.WEBVIEW_RESTRICT_THIRD_PARTY_CONTENT)) { - return false; - } - - CountDownLatch countDownLatch = new CountDownLatch(1); - AtomicBoolean verified = new AtomicBoolean(false); - - // Verifications are scheduled when WebView is initialized, so when this is called, the - // verification is likely finished here. - AwOriginVerificationScheduler scheduler = AwOriginVerificationScheduler.getInstance(); - if (scheduler != null && scheduler.getOriginVerifier().checkForSavedResult(url)) { - return false; - } - - AwThreadUtils.postToUiThreadLooper(() -> { - AwOriginVerificationScheduler.getInstance().verify( - url, mBrowserContext, (result) -> { - verified.set(result); - countDownLatch.countDown(); - }); - }); - try { - countDownLatch.await(10, TimeUnit.SECONDS); - } catch (InterruptedException e) { - return true; - } - return !verified.get(); - } } } diff --git a/android_webview/java/src/org/chromium/android_webview/AwVerificationResultStore.java b/android_webview/java/src/org/chromium/android_webview/AwVerificationResultStore.java deleted file mode 100644 index c0480e890ffabd..00000000000000 --- a/android_webview/java/src/org/chromium/android_webview/AwVerificationResultStore.java +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright 2022 The Chromium Authors -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -package org.chromium.android_webview; - -import org.chromium.components.digital_asset_links.VerificationResultStore; - -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -/** - * AwVerificationResultStore stores relationships in a local variable. - */ -public class AwVerificationResultStore extends VerificationResultStore { - private static final AwVerificationResultStore sInstance = new AwVerificationResultStore(); - - private Set mVerifiedOrigins = Collections.synchronizedSet(new HashSet<>()); - - private AwVerificationResultStore() {} - - public static AwVerificationResultStore getInstance() { - return sInstance; - } - - @Override - protected Set getRelationships() { - return mVerifiedOrigins; - } - - @Override - protected void setRelationships(Set relationships) { - mVerifiedOrigins = relationships; - } -} diff --git a/android_webview/javatests/src/org/chromium/android_webview/test/AwContentsClientShouldInterceptRequestTest.java b/android_webview/javatests/src/org/chromium/android_webview/test/AwContentsClientShouldInterceptRequestTest.java index 718ec612d836d3..9a069167a6e113 100644 --- a/android_webview/javatests/src/org/chromium/android_webview/test/AwContentsClientShouldInterceptRequestTest.java +++ b/android_webview/javatests/src/org/chromium/android_webview/test/AwContentsClientShouldInterceptRequestTest.java @@ -6,7 +6,6 @@ import static org.chromium.android_webview.test.AwActivityTestRule.SCALED_WAIT_TIMEOUT_MS; -import android.content.Context; import android.support.test.InstrumentationRegistry; import android.util.Pair; import android.webkit.JavascriptInterface; @@ -23,19 +22,15 @@ import org.junit.runner.RunWith; import org.chromium.android_webview.AwContents; -import org.chromium.android_webview.AwOriginVerificationScheduler; import org.chromium.android_webview.InterceptionType; import org.chromium.android_webview.test.TestAwContentsClient.OnReceivedErrorHelper; import org.chromium.android_webview.test.util.AwTestTouchUtils; import org.chromium.android_webview.test.util.CommonResources; import org.chromium.android_webview.test.util.JSUtils; -import org.chromium.base.PackageUtils; import org.chromium.base.metrics.RecordHistogram; import org.chromium.base.test.util.CallbackHelper; -import org.chromium.base.test.util.CommandLineFlags; import org.chromium.base.test.util.Feature; import org.chromium.base.test.util.TestFileUtil; -import org.chromium.components.embedder_support.util.Origin; import org.chromium.components.embedder_support.util.WebResourceResponseInfo; import org.chromium.net.test.util.TestWebServer; import org.chromium.net.test.util.WebServer; @@ -47,7 +42,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.concurrent.CountDownLatch; import java.util.concurrent.Future; import java.util.concurrent.TimeUnit; @@ -75,11 +69,6 @@ private String addAboutPageToTestServer(TestWebServer webServer) { CommonResources.ABOUT_HTML); } - private String addAssetListToTestServer(TestWebServer webServer, String fingerprint) { - return addPageToTestServer(webServer, CommonResources.ASSET_LINKS_PATH, - CommonResources.makeAssetFile(fingerprint)); - } - private WebResourceResponseInfo stringWithHeadersToWebResourceResponseInfo( String input, Map responseHeaders) throws Throwable { final String mimeType = "text/html"; @@ -1462,108 +1451,4 @@ public void testCorsPreflightFromCustomSchemePass() throws Throwable { Assert.assertEquals(preflightTriggeringMethod, fetchRequestToPass.getMethod()); Assert.assertEquals(customScheme, fetchRequestToPass.headerValue("Origin")); } - - @Test - @SmallTest - @Feature({"AndroidWebView"}) - @CommandLineFlags.Add({"disable-features=WebViewRestrictThirdPartyContent"}) - public void testDoCallInterceptRequestIfThridPartyRestrictionIsDisabled() throws Throwable { - final String aboutPageUrl = addAboutPageToTestServer(mWebServer); - final Context context = InstrumentationRegistry.getInstrumentation().getTargetContext(); - mActivityTestRule.runOnUiThread( - () -> AwOriginVerificationScheduler.init(context.getPackageName(), context)); - - Assert.assertEquals( - 1, AwOriginVerificationScheduler.getInstance().getPendingOrigins().size()); - - int callCount = mShouldInterceptRequestHelper.getCallCount(); - mActivityTestRule.loadUrlAsync(mAwContents, aboutPageUrl); - mShouldInterceptRequestHelper.waitForCallback(callCount, 1); - - Assert.assertEquals( - 1, AwOriginVerificationScheduler.getInstance().getPendingOrigins().size()); - } - - @Test - @SmallTest - @Feature({"AndroidWebView"}) - @CommandLineFlags.Add({"enable-features=WebViewRestrictThirdPartyContent"}) - public void testDoesNotCallInterceptRequestIfThridPartyRestrictionIsEnabledAndNotVerified() - throws Throwable { - final String aboutPageUrl = addAboutPageToTestServer(mWebServer); - final Context context = InstrumentationRegistry.getInstrumentation().getTargetContext(); - mActivityTestRule.runOnUiThread( - () -> AwOriginVerificationScheduler.init(context.getPackageName(), context)); - - Set pendingOrigins = - AwOriginVerificationScheduler.getInstance().getPendingOrigins(); - - Assert.assertEquals(1, pendingOrigins.size()); - Assert.assertTrue(pendingOrigins.contains(Origin.create("https://example.com"))); - - mActivityTestRule.loadUrlSync( - mAwContents, mContentsClient.getOnPageFinishedHelper(), aboutPageUrl); - - Assert.assertEquals(0, mShouldInterceptRequestHelper.getCallCount()); - } - - @Test - @SmallTest - @Feature({"AndroidWebView"}) - @CommandLineFlags.Add({"enable-features=WebViewRestrictThirdPartyContent"}) - public void testDoesCallInterceptRequestIfThridPartyRestrictionIsEnabledAndVerified() - throws Throwable { - final Context context = InstrumentationRegistry.getInstrumentation().getTargetContext(); - final String aboutPageUrl = addAboutPageToTestServer(mWebServer); - - List mSignatureFingerprints = - PackageUtils.getCertificateSHA256FingerprintForPackage(context.getPackageName()); - - final String assetLinksUrl = - addAssetListToTestServer(mWebServer, mSignatureFingerprints.get(0)); - mActivityTestRule.runOnUiThread( - () -> AwOriginVerificationScheduler.init(context.getPackageName(), context)); - - // Inject current base url of the test server for verifying the url. - AwOriginVerificationScheduler.getInstance().addPendingOriginForTesting( - Origin.create(aboutPageUrl)); - - Assert.assertEquals( - 2, AwOriginVerificationScheduler.getInstance().getPendingOrigins().size()); - - Assert.assertFalse(AwOriginVerificationScheduler.getInstance() - .getOriginVerifier() - .wasPreviouslyVerified(Origin.create(aboutPageUrl))); - mActivityTestRule.loadUrlSync( - mAwContents, mContentsClient.getOnPageFinishedHelper(), aboutPageUrl); - - Assert.assertEquals( - 1, AwOriginVerificationScheduler.getInstance().getPendingOrigins().size()); - Assert.assertTrue(AwOriginVerificationScheduler.getInstance() - .getOriginVerifier() - .wasPreviouslyVerified(Origin.create(aboutPageUrl))); - Assert.assertEquals(1, mShouldInterceptRequestHelper.getCallCount()); - } - - @Test - @SmallTest - @Feature({"AndroidWebView"}) - @CommandLineFlags.Add({"enable-features=WebViewRestrictThirdPartyContent"}) - public void testfThridPartyRestrictionInitAndScheduleAll() throws Throwable { - final Context context = InstrumentationRegistry.getInstrumentation().getTargetContext(); - - CountDownLatch countVerifiedLatch = new CountDownLatch(1); - mActivityTestRule.runOnUiThread( - () - -> AwOriginVerificationScheduler.initAndScheduleAll( - context.getPackageName(), context, - mActivityTestRule.getAwBrowserContext(), - (res) -> { countVerifiedLatch.countDown(); })); - countVerifiedLatch.await(); - - AwOriginVerificationScheduler scheduler = AwOriginVerificationScheduler.getInstance(); - - Set pendingOrigins = scheduler.getPendingOrigins(); - Assert.assertEquals(0, pendingOrigins.size()); - } } diff --git a/android_webview/javatests/src/org/chromium/android_webview/test/util/CommonResources.java b/android_webview/javatests/src/org/chromium/android_webview/test/util/CommonResources.java index ebd2dbb4c38ed5..a99d83b91bda2c 100644 --- a/android_webview/javatests/src/org/chromium/android_webview/test/util/CommonResources.java +++ b/android_webview/javatests/src/org/chromium/android_webview/test/util/CommonResources.java @@ -7,10 +7,6 @@ import android.graphics.Color; import android.util.Pair; -import org.json.JSONArray; -import org.json.JSONException; -import org.json.JSONObject; - import java.util.ArrayList; import java.util.List; @@ -64,8 +60,6 @@ public static String getOnImageLoadedHtml(String imageSrc) { // Default name for the test image. public static final String TEST_IMAGE_FILENAME = "testimage.png"; - public static final String ASSET_LINKS_PATH = "/.well-known/assetlinks.json"; - // HTML code of a static simple page with a favicon. public static final String FAVICON_STATIC_HTML = "" @@ -156,24 +150,4 @@ public static String makeHtmlPageWithSimplePostFormTo(String destination) { + " " + ""); } - - public static String makeAssetFile(String fingerprint) { - try { - return (new JSONArray().put( - new JSONObject() - .put("relation", - new JSONArray().put( - "delegate_permission/common.handle_all_urls")) - .put("target", - new JSONObject() - .put("namespace", "android_app") - .put("package_name", - "org.chromium.android_webview.shell") - .put("sha256_cert_fingerprints", - new JSONArray().put(fingerprint))))) - .toString(); - } catch (JSONException e) { - } - return ""; - } } diff --git a/android_webview/test/BUILD.gn b/android_webview/test/BUILD.gn index a505ce468b5aae..c2f3e89e9a9b81 100644 --- a/android_webview/test/BUILD.gn +++ b/android_webview/test/BUILD.gn @@ -149,7 +149,6 @@ android_resources("webview_instrumentation_apk_resources") { "shell/res/raw/resource_file.html", "shell/res/raw/resource_icon.png", "shell/res/values/config.xml", - "shell/res/values/strings.xml", ] } @@ -258,7 +257,6 @@ instrumentation_test_apk("webview_instrumentation_test_apk") { "//components/component_updater/android:embedded_component_loader_java", "//components/content_capture/android:java", "//components/content_capture/android/test_support:java", - "//components/digital_asset_links/android:java", "//components/embedder_support/android:util_java", "//components/embedder_support/android:web_contents_delegate_java", "//components/embedder_support/android/metrics:java", diff --git a/android_webview/test/shell/AndroidManifest.xml b/android_webview/test/shell/AndroidManifest.xml index a53772958c63e3..8894c3d0601f02 100644 --- a/android_webview/test/shell/AndroidManifest.xml +++ b/android_webview/test/shell/AndroidManifest.xml @@ -57,9 +57,6 @@ - - - diff --git a/android_webview/test/shell/res/values/strings.xml b/android_webview/test/shell/res/values/strings.xml deleted file mode 100644 index 153aadc40a87dd..00000000000000 --- a/android_webview/test/shell/res/values/strings.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - [{ - \"relation\": [\"delegate_permission/common.handle_all_urls\"], - \"target\": { - \"namespace\": \"web\", - \"site\": \"https://example.com\" - } - }] - - \ No newline at end of file diff --git a/components/digital_asset_links/android/java/src/org/chromium/components/digital_asset_links/OriginVerificationScheduler.java b/components/digital_asset_links/android/java/src/org/chromium/components/digital_asset_links/OriginVerificationScheduler.java index a787dcebd780c7..7f2e672c1ffc09 100644 --- a/components/digital_asset_links/android/java/src/org/chromium/components/digital_asset_links/OriginVerificationScheduler.java +++ b/components/digital_asset_links/android/java/src/org/chromium/components/digital_asset_links/OriginVerificationScheduler.java @@ -41,24 +41,22 @@ public OriginVerificationScheduler(OriginVerifier originVerifier, Set pe mPendingOrigins = pendingOrigins; } - public Set getPendingOrigins() { + @VisibleForTesting + public Set addPendingOriginForTesting() { return mPendingOrigins; } // Use this function only for testing. @VisibleForTesting - public void addPendingOriginForTesting(Origin origin) { + public void addPendingOrigin(Origin origin) { mPendingOrigins.add(origin); } public void verify( String url, BrowserContextHandle browserContextHandle, Callback callback) { - verify(Origin.create(url), browserContextHandle, callback); - } - - public void verify( - Origin origin, BrowserContextHandle browserContextHandle, Callback callback) { ThreadUtils.assertOnUiThread(); + + Origin origin = Origin.create(url); if (origin == null) { callback.onResult(false); return; @@ -79,19 +77,4 @@ public void verify( } callback.onResult(mOriginVerifier.wasPreviouslyVerified(origin)); } - - public void scheduleAllPendingVerifications( - BrowserContextHandle browserContextHandle, @Nullable Callback callback) { - ThreadUtils.assertOnUiThread(); - if (callback == null) { - callback = (res) -> {}; - } - for (Origin origin : getPendingOrigins()) { - verify(origin, browserContextHandle, callback); - } - } - - public OriginVerifier getOriginVerifier() { - return mOriginVerifier; - } } diff --git a/components/digital_asset_links/android/java/src/org/chromium/components/digital_asset_links/OriginVerifier.java b/components/digital_asset_links/android/java/src/org/chromium/components/digital_asset_links/OriginVerifier.java index c3b59050ab6639..e2a498bcf6cd9b 100644 --- a/components/digital_asset_links/android/java/src/org/chromium/components/digital_asset_links/OriginVerifier.java +++ b/components/digital_asset_links/android/java/src/org/chromium/components/digital_asset_links/OriginVerifier.java @@ -245,10 +245,7 @@ public void onOriginVerificationResult(String originAsString, int result) { break; case RelationshipCheckResult.NO_CONNECTION: Log.i(TAG, "Device is offline, checking saved verification result."); - boolean storedResult = checkForSavedResult(origin); - recordResultMetrics(storedResult ? VerifierResult.OFFLINE_SUCCESS - : VerifierResult.OFFLINE_FAILURE); - originVerified(origin, storedResult, false); + checkForSavedResult(origin); break; default: assert false; @@ -304,15 +301,16 @@ private void saveVerificationResult(Origin origin, boolean originVerified) { /** * Checks for a previously saved verification result. */ - public boolean checkForSavedResult(Origin origin) { + private void checkForSavedResult(Origin origin) { try (StrictModeContext ignored = StrictModeContext.allowDiskReads()) { - return mVerificationResultStore.isRelationshipSaved( + boolean verified = mVerificationResultStore.isRelationshipSaved( new Relationship(mPackageName, mSignatureFingerprints, origin, mRelation)); - } - } - public boolean checkForSavedResult(String url) { - return checkForSavedResult(Origin.create(url)); + recordResultMetrics( + verified ? VerifierResult.OFFLINE_SUCCESS : VerifierResult.OFFLINE_FAILURE); + + originVerified(origin, verified, false); + } } /** diff --git a/tools/metrics/histograms/enums.xml b/tools/metrics/histograms/enums.xml index 25c7b8411aef1b..422a5d39e5a76a 100644 --- a/tools/metrics/histograms/enums.xml +++ b/tools/metrics/histograms/enums.xml @@ -57682,7 +57682,6 @@ from previous Chrome versions. - -